ITPub博客

首页 > Linux操作系统 > Linux操作系统 > ORA-12537 TNS:连接关闭

ORA-12537 TNS:连接关闭

原创 Linux操作系统 作者:gaopengtttt 时间:2013-10-14 18:23:27 0 删除 编辑
今天遇到:ORA-12537 TNS:连接关闭,监听正常,集群正常,数据库正常,查了一下才发现问题。

LISTENER日志报错
TNS-12546: TNS:permission denied
 TNS-12560: TNS:protocol adapter error
  TNS-00516: Permission denied

设置限制登录
tcp.validnode_checking=yes
tcp.invited_nodes=(136.3.67.11,136.1.10.11,136.1.10.12,136.1.10.13,136.1.10.14,136.1.10.7,136.1.10.8,136.1.10.6,10.0.1.11,10.0.1.12,10.0.1.6,10.0.1.7,10.0.1.8)

What is Validnode Verification and How to Use It (Doc ID 462933.1)

metalink
In this Document
Goal
Fix
APPLIES TO:

Oracle Net Services - Version 9.2.0.1.0 and later
Information in this document applies to any platform.
GOAL

How to control access to the database and understand validnode checking.

FIX

You can configure the sqlnet.ora file to allow and deny access to the database via the validnode checking parmeters. (Earlier versions of Oracle, 8i and lower used the protocol.ora file)

TCP.VALIDNODE_CHECKING 
Use to specify whether to screen access to the database.Value is either YES or ON 

TCP.EXCLUDED_NODES 
Use to specify which clients using the TCP/IP protocol are denied access to the database. Hostname and ipaddress can be used

TCP.INVITED_NODES 
Use to specify which clients using the TCP/IP protocol are allowed access to the database. Hostname and ipadddress can be used.
Example sqlnet.ora file (set where database is running) 

TCP.VALIDNODE_CHECKING = YES 
TCP.EXCLUDED_NODES= (138.3.33.33)
TCP.INVITED_NODES=(138.4.44.44, hammer)
Would cause the SQL*plus from client "138.3.33.33" to error

sqlplus scott/tiger@orcl  
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Oct 16 11:48:40 2007  
Copyright (c) 1982, 2005, Oracle.  All rights reserved.  

ERROR:  
ORA-12537: TNS:connection closed
 Level 16 listener trace will show


nttvlser: valid node check on incoming node 138.3.33.33
nttvlser: Denied Entry: 138.3.33.33
nttcon: exit
nserror: entry
nserror: nsres: id=1, p=65, ns=12546, ns2=12560; nt[0]=516, nt[1]=0, nt[2]=0; ora[0]=0, ora[1]=0, ora[2]=

Listener log will show 

16-OCT-2007 11:48:40 * 12546 
TNS-12546: TNS:permission denied 
 TNS-12560: TNS:protocol adapter error 
  TNS-00516: Permission denied
But would allow connections from machines "138.4.44.44" and "hammer" to pass.Please note that without the servers host name or ip address in the invited list, then PMON will not register with the listener.

Any changes to the values requires the TNS listener to be reloaded
All host names must be resolvable or the TNS listener will not start
Invited list takes precedence over excluded listed
All entries must be on one line(Best to add entries via Net Manager)
SCAN and TCP.INVITED_NODES will require the SCAN VIPs and Node Vips to be added to the Grid Infrastructure SQLNET.ORA file.

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/7728585/viewspace-774363/,如需转载,请注明出处,否则将追究法律责任。

下一篇: ORA-12545 问题
请登录后发表评论 登录
全部评论
wxh gp_22389860 <<深入理解MySQL主从原理专栏>> 发布 可加WX了解

注册时间:2008-10-13

  • 博文量
    715
  • 访问量
    3012406